Retbleed was made public as a new speculative execution attack exploiting return instructions. While the "good" news is that Retbleed only impacts prior generations of AMD and Intel processors, the bad news is that the performance impact of the mitigations on Linux is quite severe.
- The Linux mitigation for Retbleed is invasive at nearly two thousand lines of new code and nearly 400 lines removed, across dozens of files.
- In the Retbleed whitepaper, the ETH Zurich COMSEC researchers characterized the mitigations as resulting in 14~39% overhead.
- The Retbleed mitigations are some of the most performance-wrenching mitigations seen by the author of this article in a few years going back to the early Spectre/Meltdown days.
- Researchers and the hardware vendors believe Retbleed affects AMD Zen 1, Zen 1+, and Zen 2 processors -- but not the latest Zen 3 CPUs.
- When trying out the patched Linux kernel on Zen 3 hardware, there are no Retbleed mitigations applied. Over on the Intel side, Core 6th Generation through Core 8th Generation CPUs are impacted -- Skylake through Coffee Lake.
- The Retbleed mitigations were merged to Linux 5.19 Git as of yesterday and are currently working their way to the various stable/supported Linux series. Those Linux stable point releases will be out shortly.
- On a patched Linux kernel, the Retbleed mitigations are applied automatically by default on the affected AMD/Intel CPUs mentioned above.
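
To confirm on a given machine what the last points describe, here is an added example (not from the article). It reads the status that kernels carrying the Retbleed patches expose in `/sys/devices/system/cpu/vulnerabilities/retbleed` and flags the `retbleed=off` / `mitigations=off` boot parameters that turn the default off. The function names and the `RETBLEED_SYSFS` / `CMDLINE_FILE` overrides are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify the kernel's Retbleed status report.
# RETBLEED_SYSFS and CMDLINE_FILE are hypothetical overrides so the logic
# can be exercised against constructed files instead of the live system.

retbleed_classify() {
    # $1: status line as reported by the kernel
    case "$1" in
        "Not affected"*) echo not-affected ;;  # e.g. Zen 3
        "Mitigation:"*)  echo mitigated ;;     # default on affected CPUs
        "Vulnerable"*)   echo vulnerable ;;    # affected CPU, mitigation off
        *)               echo unknown ;;
    esac
}

retbleed_cmdline_override() {
    # $1: kernel command line; prints the parameter that disables the default
    for arg in $1; do
        case "$arg" in
            retbleed=off|mitigations=off) echo "$arg"; return 0 ;;
        esac
    done
    return 1
}

retbleed_report() {
    sysfs="${RETBLEED_SYSFS:-/sys/devices/system/cpu/vulnerabilities/retbleed}"
    cmdline="${CMDLINE_FILE:-/proc/cmdline}"
    if [ ! -r "$sysfs" ]; then
        # No status file: the running kernel likely predates the patches.
        echo "no-report: $sysfs not present"
        return 2
    fi
    status=$(cat "$sysfs")
    state=$(retbleed_classify "$status")
    echo "$state: $status"
    if [ -r "$cmdline" ] && ov=$(retbleed_cmdline_override "$(cat "$cmdline")"); then
        echo "note: boot parameter $ov disables the default mitigation"
    fi
    # Non-zero exit only when the kernel itself reports the CPU as vulnerable.
    [ "$state" != vulnerable ]
}
```

Run `retbleed_report` after sourcing the file; exit status 1 means the kernel reports the CPU as vulnerable, and 2 means the kernel gives no Retbleed report at all.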